"Windows Workstation not allowed" when AD user is restricted

Unanswered Question

When we restrict in Active Directory a User to which Workstation he is allowed to connect, we get the Error Message on the ACS." Windows Workstation is not allowd" Authentication failed.

Have you got an idea to solve the Problem. In the allowed wokstation we have got the DC and the ACS-server.


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jagdeep Gambhir Fri, 06/15/2007 - 04:49


To satisfy Windows requirements for authentication requests, Cisco Secure ACS must specify the Windows workstation that the user is attempting to log into. Because Cisco Secure ACS cannot determine this information from authentication requests sent by AAA clients, it uses a generic workstation name for all requests. The workstation name used is "CISCO".

In the local domain and in each trusted domain and child domain that Cisco Secure ACS will

use to authenticate users, ensure both of the following:

?A computer account named "CISCO" exists.

?All users to be authenticated by Windows have permission to log into the computer named




Hope that helps !



Note :If that answers your question, then please mark this thread as resolved, so that others can benefit from it.

Jagdeep Gambhir Mon, 06/18/2007 - 12:08


You need it even if acs is a part of domain.

Please test it , let me know how that goes.



This Discussion